socgholish | 578da288c80a3cb87d650054f16d566c704b84ad308041fa38686c25b7f0d555

Analysis

max time kernel
122s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/12/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bebac414a1b241df54fd4c9096015696_JaffaCakes118.html
Size

156KB
MD5

bebac414a1b241df54fd4c9096015696
SHA1

9da4cff2d6f15340075761d797c88aaef2dae271
SHA256

578da288c80a3cb87d650054f16d566c704b84ad308041fa38686c25b7f0d555
SHA512

ab5190203f3e6726778b10fad332bb2ebce5aa5a1d41cb75a42b92e98a053eabe1df83a962897c48cf7b14d563751b02aefb6eea27a0595c8f57db8f493fb17e
SSDEEP

3072:f5x9UcjvG8rMUcXmNRS7vaCCSTi0od0tomg0L82xc4K4vRmrFUkxSmZtzj:fjGXmNRG20mm6xj

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{118ACA91-B1A7-11EF-833B-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439413527"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2060	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2060	iexplore.exe
2060	iexplore.exe
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2200	2060	iexplore.exe	30
PID 2060 wrote to memory of 2200	2060	iexplore.exe	30
PID 2060 wrote to memory of 2200	2060	iexplore.exe	30
PID 2060 wrote to memory of 2200	2060	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bebac414a1b241df54fd4c9096015696_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5c5ffd3c3623164347bf57741057da24

SHA1
6f5115c5438625b0e8f7021d307d3af7915f6f8b

SHA256
677e17aeb0c5afe372e51f7851b483ca2aba1b361bc182c07eed6eca07773ade

SHA512
a678bfa96eb0a0817d71a57c240d5432445144b1702c76a61e3574196069d0b08a672c6f13eff1aa25b428f77d232992381a81724178ccee0c2ab4a8c6b13c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1968bab485bd98879f6e63515d01b07b

SHA1
399302236fdf0470b10df5803db14bd72a915951

SHA256
0deb9e14b069a47a20dc79bf68b1d6c168196a3feaa82ce622db4e4647ce7cc7

SHA512
f551c180dd41384827a13e3b73cb1c6d35f47c5b16658da8595414ead54eab01882dc5d1e913dde470b4e50da648aad8d9d686d9e16c1f83d51d40bd1935ed87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5d29c94f4aad60a4197f673e9a36a6a5

SHA1
42291109abb6dc5ff35e265cb5ee57fa34e0a5fc

SHA256
3f2ae73da8ee44c49f60ed41907b3e635070d6153dbe1f5eff1836fc5c51d12d

SHA512
0a276bcecdff047864a81e81832e75d72a2fa8847b55ca5e0f2b33cf2192ae315891ccbe73b4d1bcac50f3bfabebdcecc10898310f542ad620b29efe44c2e1da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
713d18b68596d5e8e39fd0db5c3466e2

SHA1
351199c64582e3ed3f55f128df08df48476b774f

SHA256
9da561086cead29f00773ba35271676a0e7394ed3a4ef6d211f86da44348b015

SHA512
1c8dfc0925ea657e65026e144280f6a183ff756fd7c185c94830139fd1ed9f0e849b665cc41cbaa9ae9f5ae690e9ff9b795864c4239d85cb1c791953a88d13ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3945741da5b47f83ffc11bc88f09cb18

SHA1
b02661d7857b7659f96149db08e99a72b6682cca

SHA256
be51bfffe4491a62239be6c914835baa3cc5f27b313033be414b2cc10863e1ce

SHA512
bf3035be8ecffe4b5e799916d897ccbf317363271309c45769bf255181f1efeebe393c9ed9f9b88e308e3f854e27a67d941f98f103cba8784783e19a245b0ea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
940615ae3c7d2c38aac29ada23532ce8

SHA1
6e02512ae8db998c257514cc0521223629a6c1af

SHA256
122f439ff8fdb7e29eb4436401f2cbb1f0d0672d92bcd7644688f84148bf445b

SHA512
8820095ad15d391791b200792034642787d8dd92805ca92a1ba803c4d8ba6969054d7da524d8be455365ddb632a52073d25eb187e10c621d0702834a83254399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07fd4c07450f120ae35667f3e6b84395

SHA1
a12338937f95341c9fc0f95925ecbce32f03736a

SHA256
358043af3b648cbb28cb5375869a070ac1b0b6149d445888ee653d16bb473b4d

SHA512
d94c3759061258ba62014fc6a4d1b0db870b2b89056afd10bdce84e8206bde5efb91f117ee8bc2b805a604d868d7e9e8c6a148fade973cbecf11090b15984f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e79ccef3bba5bbecaa2ac3f4f2c8c018

SHA1
066727a2eb856531be61dbc1f3e5f7916e16f850

SHA256
9a3a81f71b5c28120e1013fed9f3e61c60a9429cebb6896c265193e995d2427f

SHA512
d623b25b052f41d4109148a60cd0ece9fcffa8b7ca5100fe06cfb8bd12cfeab8c1b4a2454c7efe106385ea8596d0aca27cfa784ef5ac8e63b965922a32626d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e4055460061c4aa05a878df4f79a00e

SHA1
c576c39f6094ec29bf7bf7155d5d8746d6e657e9

SHA256
b39b37f4ed5ea6031ff09407361fd26ebbcb7a0b53f926bfeb0daa9d3b0da3a5

SHA512
33a6414c66f302b7a1ea1550e3c6697513b01e2fa49d284aa28c4403333c59b1bcfcdf05eecc495419381c98b82dbe7c8055900c30c0e0a720ed3d0766a53dc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
555ae813bf3afc0901cf47642d2a4d46

SHA1
d2894af45d3492b1b49d0a672e2cfb2042664fb9

SHA256
ce00697d473e98682cded535536b9a239491fc9f3547aa980e22f62d2232bf17

SHA512
47839f29f8558374e78d0e08ae4c321a1d3cbeb1f596a1e2ab39ed47eca9e74d41f21de5ca902c6575d459c5a1d75959b22abb0625bde2c5fcc77f762c474466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4ed002214f891582548867aa3f8ad13

SHA1
e7e6459bff0c1cd9a6236a3bda4dd97b5d1832db

SHA256
10ddd556923ac2428c31ede94f2c0983ce91009a13ef805bce6188ff6227cee6

SHA512
fb9983669b8f653e95cb6595a39283e8ebd86feebf189773a1837aaa3dce02eb7fdd365024332229d2cadeac9749d9f9fc2c2abb2b479a302c56600a6e6a90a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fa73aed275ba5f216d0998c4d410299

SHA1
e46d87a623875daa52bd17daf1f53c3412ddc707

SHA256
4bf5e6add0f7c6b69925abeea768ea3b23cabc7ebb81d3c9b4a398cb0bfc9fec

SHA512
e9db9b847d1cc12ad78b7d54593285e840af11cfc100a345a39f28a88cead52ac79cb04d04ece0e8578aae9c67557be97c72906dfe4c2289359a332c957a9581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d1c101fb3ff6ae55b67ce042436739c

SHA1
a4cc836ec80fc481979d08ead5fbec81e102f265

SHA256
a659fec5b0eb23eb6d5486dc586ffa11295f044d927c79faf92e93f99a901961

SHA512
8e0cfed5b88005f2ce0d74a0f4309654391ef65cc8bd1323fc366180aaf383eee522e3c5ecd3ea75a5b82ad260564a413dcd47fb2f2bf1db9d0723d62a2fc2ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
57afcb8fe6c4afbb756891a8cd9d1257

SHA1
387706278643f289311650cc2773ec6d2890d6a7

SHA256
2b63684a18d1b9ff3c5f6af44571e2830b1e981c584a2f2903e5415cacaf2f0c

SHA512
71b7a24bad9e7277e348a1cc9555a00369c21009da3822297c352c4b4bb9ab5689e48c400f0447450b9a4b8dace475395bdb0d8ec1f6731137bdf79abd5478d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\plusone[1].js

Filesize
62KB

MD5
2693cd35d818b48f4cd562c6abe0db29

SHA1
131c844eb658219966c722b60cc12c8a542ebe06

SHA256
911fa262008c6ef2bcf8448ad83a5aa8129c39355b98d957f5c7dde2babf9b7c

SHA512
4f692bd49811addfe89d14b156fed6513f04ec4be2629086a8b66ddcd6e7b8b7df149fa017173824c30f7492c2320a3d7b9c0344d5e1f7074742558125654f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCD6D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCDDD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit